Seen

Hi guys. I am running into a problem while trying to develop a script to Delete Old Active Directory Objects (User and Computers). What I am looking for is a way to enumerate the LastLogin attribute and then perform an action on them based on how old the object is. I've tried searching this board the best I could (though, of course, I'm far from perfect) and couldn't find any pertinant info. I have a .vbs script sorta does what I want, initally, which is retrieve the LastLogin info. ' List last logon times ' 2001-03-27 John Savill, Jakob Hussfelt http://www.ntfaq.com On Error Resume Next sEnterDCs = "VMTest,SAVILLNT02" sObjects = Split(sEnterDCs, ",") Set oDomain = GetObject("WinNT://" & sObjects(0)) oDomain.Filter = Array("User") WScript.Echo "Showing last login times of accounts from: " & oDomain.Name & vbNewLine For Each oDomainItem In oDomain sUsrLogin = oDomainItem.LastLogin If UBound(sObjects) >= 1 Then For ii = 1 To UBound(sObjects) Set oUsr = GetObject("WinNT://" & sObjects(ii) & "/" & oDomainItem.Name & ",user") If oUsr.LastLogin > sUsrLogin Then sUsrLogin = oUsr.LastLogin Next End If WScript.Echo "Username: " & Left(oDomainItem.Name & Space(22),22) & "Last login: " & FormatDateTime(sUsrLogin) Next However, when I run it through the VBS->AutoIT Converter , and I clean up the code the best I can: #include <array.au3> ;~ #include <bk-logfile.au3> #include <date.au3> ; List last logon times ; 2001-03-27 John Savill, Jakob Hussfelt http://www.ntfaq.com ;VA On Error Resume Next $sDomainName = "VMTEst" $oDomain = ObjGet("WinNT://" & $sDomainName) $oDomain.Filter = _ArrayCreate("User") ;~ _WriteLog ("Showing last login times of accounts from: " & $oDomain.Name & $vbNewLine) For $oDomainItem In $oDomain $sUsrLogin = $oDomainItem.LastLogin If UBound($sDomainName) >= 1 Then For $ii = 1 To UBound($sDomainName) $oUsr = ObjGet("WinNT://" & $sDomainName($ii) & "/" & $oDomainItem.Name & ",user") If $oUsr.LastLogin > $sUsrLogin Then $sUsrLogin = $oUsr.LastLogin Next EndIf MsgBox(0,$oDomainItem.Name, $sUsrLogin) Next It gives me the last login for the first (administrator) account, but it doesn't cycle through each account. The error I get is: Any ideas? Am I doing too much / too little? Thanks. ~Seen

*bump* Has anyone had this problem before?

This is a pretty simple post/problem. I can't seem to get BlockInput() to work. I've tried BlockInput(1) , which does nothing. I've even tried the script provided by the help file (but I changed the WIN_98 to WIN_XP ) and that still didn't work. Any possible reasons why it wouldn't work? Is there an include that I should do?

*bump* Has anyone used this function recently? It would be a huge help to me to utilize this function, but I'm so in the dark with the requirements.

Ugh, I'm having yet another problem understanding one of these functions. The one that I am not understanding is the _ADGetObjectsInOU() function. This is the function: ; _ADGetObjectsInOU ; Returns an array of the objects in an OU ; $ou : The OU to retrieve from ; $filter : optional, default "name'*'". An additional LDAP filter if required. ; $searchscope : optional, default 2. 0 = base, 1 = one-level, 2 = sub-tree ; $datatoretrieve : optional, default "Name". A comma-seperated list of values to retrieve. More than one value will create ; a 2-dimensional array, array[0][0] will contain the number of items returned, which start at array[1][0] Func _ADGetObjectsInOU(ByRef $ObjectArray, $ou, $filter = "name='*'", $searchscope = 2, $datatoretrieve = "sAMAccountName", $sortby = "sAMAccountName") Local $objRecordSet $objCommand = ObjCreate("ADODB.Command") $objCommand.ActiveConnection = $objConnection $objCommand.Properties ("Page Size") = 256 $objCommand.Properties ("Searchscope") = $searchscope $objCommand.Properties ("TimeOut") = 20 $strCmdText = "<LDAP://" & $strHostServer & "/" & $ou & ">;" & $filter & ";" & $datatoretrieve & ";subtree" $objCommand.CommandText = $strCmdText $objRecordSet = $objCommand.Execute $recordcount = $objRecordSet.RecordCount If $recordcount = 0 Then $objCommand = 0 $objRecordSet = 0 Return 0 EndIf If StringInStr($datatoretrieve, ",") Then $dtrArray = StringSplit($datatoretrieve, ",") Dim $ObjectArray[$recordcount + 1][$dtrArray[0]] $ObjectArray[0][0] = $recordcount $ObjectArray[0][1] = $dtrArray[0] $count = 1 $objRecordSet.MoveFirst Do For $i = 1 To $dtrArray[0] $ObjectArray[$count][$i - 1] = $objRecordSet.Fields ($dtrArray[$i]).Value Next $objRecordSet.MoveNext $count += 1 Until $objRecordSet.EOF Else Dim $ObjectArray[$recordcount + 1] $ObjectArray[0] = UBound($ObjectArray) - 1 If $ObjectArray[0] = 0 Then $ObjectArray = 0 Return 0 Else $count = 1 $objRecordSet.MoveFirst Do $ObjectArray[$count] = $objRecordSet.Fields ($datatoretrieve).Value $objRecordSet.MoveNext $count += 1 Until $objRecordSet.EOF EndIf EndIf $objCommand = 0 $objRecordSet = 0 Return 1 EndFunc ;==>_ADGetObjectsInOU I can't seem to figure out how to use it at all. Do I have to create my own array or does it create one for me? If so, how would I display this array? I tried _ADGetObjectsInOU($ObjectArray, $ou) (I define the $ou variable as CN=Users,DC=vmtest,DC=local ) and the error I get: COM Error #: 000000A9 Description: Variable must be of type "Object" Script Line #: 641 (in adfunctions.au3) Can anyone help?

That returns the domain path of the current user, but I just want it to look for a certain OU and then display that path. For example, say the function is called displayou($ouname). When I pass the value "Users" to it, I want it to display the path of the OU "Users". Such as CN=Users,DC=Domain,DC=local . Is this pointless? Perhaps I should just define the OU myself? Maybe I'm making this more complicated than it needs to be...

Like I said before, I coulda SWORE I did that. But, apparently not. Looks like I'm Human

I managed to fix my own problem (and of course, for me PEBKAC :"> ) about the DeleteObject function, however, I have a new question. Is there a function out there that will query Active Directory for a specified OU and then return output like OU=People,OU=Users,DC=domain,DC=local ? I could really, really use something like that and I have no idea where to even start if I wanted to develop it on my own. Anyone?

0_o. Weird. So I did some forum searching on that error, and it said it was a syntax error. It said to try using Brackets So I did SetPassword ($defaultpassword) And it worked. I could have sworn I did this before, but I guess not. Sorry to bug everyone. Thanks again to ptrex for giving me the error handling script! Your awesome! ~Seen

Ok, I get: COMM Error # 8002000E Description: Invalid number of parameters. Line 58. Full Code: $sFuncName = ObjEvent("AutoIt.Error") if $sFuncName <> "" then Msgbox (0,"Test","User has installed Error Handler function: " & $sFuncName) EndIf ; Initialize error handler #include <GUIConstants.au3> #include<adfunctions.au3> #Region ### START Koda GUI section ### Form=c:\documents and settings\administrator\desktop\form designer\forms\sjtestform.kxf $Form1_1 = GUICreate("Form1", 381, 295, 313, 210) $TitleLabel = GUICtrlCreateLabel("SJConsultant User Management Control", 8, 8, 311, 23) GUICtrlSetFont(-1, 12, 800, 0, "Century Gothic") $AddLabel = GUICtrlCreateLabel("Add a User: ", 8, 40, 90, 20) GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif") $DeleteButton = GUICtrlCreateButton("Delete User", 288, 224, 83, 25, 0) GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif") $DeleteLabel = GUICtrlCreateLabel("Delete a User:", 8, 168, 104, 20) GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif") $AddInputLast = GUICtrlCreateInput("", 136, 96, 121, 21) $AddButton = GUICtrlCreateButton("Add User", 288, 128, 83, 25, 0) GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif") $EmailLabel = GUICtrlCreateLabel("Email Enabled?", 280, 72, 91, 17) GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif") $YesEmail = GUICtrlCreateRadio("Yes", 280, 96, 41, 17) $NoEmail = GUICtrlCreateRadio("No", 320, 96, 49, 17) $AddInputFirst = GUICtrlCreateInput("", 8, 96, 121, 21) $FirstLabel1 = GUICtrlCreateLabel("First Name:", 8, 72, 68, 17) GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif") $LastLabel1 = GUICtrlCreateLabel("Last Name:", 136, 72, 68, 17) GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif") $DeleteInputFirst = GUICtrlCreateInput("", 8, 224, 121, 21) $DeleteInputLast = GUICtrlCreateInput("", 144, 224, 121, 21) $FirstLabel2 = GUICtrlCreateLabel("First Name: ", 8, 200, 72, 17) GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif") $LastLabel2 = GUICtrlCreateLabel("Last Name:", 144, 200, 68, 17) GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif") GUISetState(@SW_SHOW) #EndRegion ### END Koda GUI section ### $temp=Envget("windir") $array_UserControl=IniReadSection ( $temp & "\temp\config.ini", "title1") Func CreateUser($userid, $firstname, $lastname) $domain = $array_UserControl[1][1] $suffix = $array_UserControl[2][1] $ou = $array_UserControl[3][1] $servername = $array_UserControl[4][1] $defaultpassword = "PassWord10!" $objOU = ObjGet("LDAP://cn=" & $ou & ",dc=" & $domain & ",dc=" & $suffix) ;~ $objOU = ObjGet("LDAP://cn=Users,dc=vmtest,dc=local") $objUser = $objOU.Create("User", "cn="& $firstname & " " & $lastname) $objUser.Put ("userPrincipalName", "" & $userid & "@" & $domain & "." & $suffix) $objUser.Put ("sAMAccountName", $userid) $objUser.Put ("profilePath", "\\" & $servername & "\profiles\" & $userid) $objUser.SetInfo() $objUser.GetInfo() $objUser.SetPassword $defaultpassword $objApp = ObjCreate("Wscript.Shell") $objUser.AccountDisabled = 0 $objUser.Put ("pwdLastSet", 0) $objUser.SetInfo() EndFunc While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit Case $AddButton $yesradio=GUICtrlRead($YesEmail) $FirstNameAdd=GUICtrlRead($AddInputFirst) $noradio=GUICtrlRead($NoEmail) $LastNameAdd=GUICtrlRead($AddInputLast) $user=StringLeft($FirstNameAdd,1) & $LastNameAdd $userexist = _ADObjectExists($user) If $yesradio = 1 And Not $FirstNameAdd = "" and Not $LastNameAdd = "" Then If $userexist = 1 Then msgbox(0,"",$FirstNameAdd & " " & $LastNameAdd & " is alerady in the system.") Else CreateUser($user, $FirstNameAdd, $LastNameAdd) MsgBox(0, "", "User Added with Email access.") EndIf ElseIf $noradio = 1 And Not $FirstNameAdd = "" and Not $LastNameAdd = "" Then If $userexist = 1 Then msgbox(0,"",$FirstNameAdd & " " & $LastNameAdd & " is alerady in the system.") Else CreateUser($user, $FirstNameAdd, $LastNameAdd) MsgBox(0,"","User Added with No Email access.") EndIf Else msgBox(0,"","Please Fill in (and check) all the required fields.") EndIf Case $DeleteButton $FirstNameDelete=GuiCtrlRead($DeleteInputFirst) $LastNameDelete=GuiCtrlRead($DeleteInputLast) $user=StringLeft($FirstNameDelete,1) & $LastNameDelete $userexist = _ADObjectExists($user) $var="tester" If $userexist = 1 Then $ou=_ADSamAccountNameToFQDN("Users") $type="user" ;~ $userid=_ADSamAccountNameToFQDN($user) _ADDeleteObject($ou, $user, $type) MsgBox(0, "", "Bahleeted.") Else msgbox(0,"",$FirstNameAdd & " " & $LastNameAdd & " doesn't exist.") EndIf EndSwitch WEnd ;------------------------------ This is a COM Error handler -------------------------------- Func MyErrFunc() $HexNumber=hex($oMyError.number,8) Msgbox(0,"COM Error Test","We intercepted a COM Error !" & @CRLF & @CRLF & _ "err.description is: " & @TAB & $oMyError.description & @CRLF & _ "err.windescription:" & @TAB & $oMyError.windescription & @CRLF & _ "err.number is: " & @TAB & $HexNumber & @CRLF & _ "err.lastdllerror is: " & @TAB & $oMyError.lastdllerror & @CRLF & _ "err.scriptline is: " & @TAB & $oMyError.scriptline & @CRLF & _ "err.source is: " & @TAB & $oMyError.source & @CRLF & _ "err.helpfile is: " & @TAB & $oMyError.helpfile & @CRLF & _ "err.helpcontext is: " & @TAB & $oMyError.helpcontext _ ) SetError(1) ; to check for after this function returns Endfunc Hope this helps debug it. Thanks a lot for the error handling code, ptrex.

*bump* Still looking for how to generate a Objevent COMM error # .

How do I get the objevent comm error?

Also, I created that exact environment (An OU named people and a user named Name), and copy and pasted that script. Still doesn't work. I tried manually creating that user with that password, and that works just fine. Is it worth noting that I am doing this all in a VMWare Virtual Server? Would that prevent anything from happening?

Already tried that, no dice.

I'm 99.9% sure that those constants are not needed for what I am trying to do. I'll try them, however, and I'll let you know how it turns out. This is exactly what I am doing. After moving the SetInfo() before the SetPassword(), All the stuff up until the SetPassword() goes through just fine. This means that: $objOU = ObjGet("LDAP://cn=" & $ou & ",dc=" & $domain & ",dc=" & $suffix) $objUser = $objOU.Create("User", "cn="& $firstname & " " & $lastname) $objUser.Put ("userPrincipalName", "" & $userid & "@" & $domain & "." & $suffix) $objUser.Put ("sAMAccountName", $userid) $objUser.Put ("profilePath", "\\" & $servername & "\profiles\" & $userid) goes through just fine. Even moreso a kicker, when I comment out the SetPassword(), there are 0 problems! I am so confused it hurts! Nobody else has had this problem? Just for sh!ts and giggles, I'll post the entire script. Maybe there is something else that is wrong... #include <GUIConstants.au3> #Region ### START Koda GUI section ### Form=c:\documents and settings\administrator\desktop\form designer\forms\sjtestform.kxf $Form1_1 = GUICreate("Form1", 381, 295, 313, 210) $TitleLabel = GUICtrlCreateLabel("SJConsultant User Management Control", 8, 8, 311, 23) GUICtrlSetFont(-1, 12, 800, 0, "Century Gothic") $AddLabel = GUICtrlCreateLabel("Add a User: ", 8, 40, 90, 20) GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif") $DeleteButton = GUICtrlCreateButton("Delete User", 288, 224, 83, 25, 0) GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif") $DeleteLabel = GUICtrlCreateLabel("Delete a User:", 8, 168, 104, 20) GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif") $AddInputLast = GUICtrlCreateInput("", 136, 96, 121, 21) $AddButton = GUICtrlCreateButton("Add User", 288, 128, 83, 25, 0) GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif") $EmailLabel = GUICtrlCreateLabel("Email Enabled?", 280, 72, 91, 17) GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif") $YesEmail = GUICtrlCreateRadio("Yes", 280, 96, 41, 17) $NoEmail = GUICtrlCreateRadio("No", 320, 96, 49, 17) $AddInputFirst = GUICtrlCreateInput("", 8, 96, 121, 21) $FirstLabel1 = GUICtrlCreateLabel("First Name:", 8, 72, 68, 17) GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif") $LastLabel1 = GUICtrlCreateLabel("Last Name:", 136, 72, 68, 17) GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif") $DeleteInputFirst = GUICtrlCreateInput("", 8, 224, 121, 21) $DeleteInputLast = GUICtrlCreateInput("", 144, 224, 121, 21) $FirstLabel2 = GUICtrlCreateLabel("First Name: ", 8, 200, 72, 17) GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif") $LastLabel2 = GUICtrlCreateLabel("Last Name:", 144, 200, 68, 17) GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif") GUISetState(@SW_SHOW) #EndRegion ### END Koda GUI section ### $temp=Envget("windir") $array_UserControl=IniReadSection ( $temp & "\temp\config.ini", "title1") Func CreateUser($userid, $firstname, $lastname) $domain = $array_UserControl[1][1] $suffix = $array_UserControl[2][1] $ou = $array_UserControl[3][1] $servername = $array_UserControl[4][1] $defaultpassword = "x!f98btw" $objOU = ObjGet("LDAP://cn=" & $ou & ",dc=" & $domain & ",dc=" & $suffix) $objUser = $objOU.Create("User", "cn="& $firstname & " " & $lastname) $objUser.Put ("userPrincipalName", "" & $userid & "@" & $domain & "." & $suffix) $objUser.Put ("sAMAccountName", $userid) $objUser.Put ("profilePath", "\\" & $servername & "\profiles\" & $userid) $objUser.SetInfo() $objUser.SetPassword $defaultpassword $objApp = ObjCreate("Wscript.Shell") $objUser.AccountDisabled = 0 $objUser.Put ("pwdLastSet", 0) $objUser.SetInfo() EndFunc While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit Case $AddButton $yesradio=GUICtrlRead($YesEmail) $FirstNameAdd=GUICtrlRead($AddInputFirst) $noradio=GUICtrlRead($NoEmail) $LastNameAdd=GUICtrlRead($AddInputLast) $user=StringLeft($FirstNameAdd,1) & $LastNameAdd If $yesradio = 1 And Not $FirstNameAdd = "" and Not $LastNameAdd = "" Then CreateUser($user, $FirstNameAdd, $LastNameAdd) MsgBox(0, "", "User Added with Email access.") ElseIf $noradio = 1 And Not $FirstNameAdd = "" and Not $LastNameAdd = "" Then MsgBox(0,"","User Added with No Email access.") Else msgBox(0,"","Please Fill in (and check) all the required fields.") EndIf EndSwitch WEnd